ZyWALL USG100-PLUS User’s Guide 45
CHAPTER 3
Protecting Your Network
These sections cover configuring the ZyWALL to protect your network.
• Firewall on page 45
• User-aware Access Control on page 46
• Endpoint Security (EPS) on page 47
• Device and Service Registration on page 47
• Anti-Virus Policy Configuration on page 48
• IDP Profile Configuration on page 50
• ADP Profile Configuration on page 51
• Content Filter Profile Configuration on page 54
• Viewing Content Filter Reports on page 56
• Anti-Spam Policy Configuration on page 60
3.1 Firewall
The firewall controls the travel of traffic between or within zones for services using static port
numbers. Use application patrol to control services using flexible/dynamic port numbers (see
Section 5.7 on page 113 for an example). The firewall can also control traffic for NAT (DNAT) and
policy routes (SNAT). Firewall rules can use schedule, user, user groups, address, address group,
service, and service group objects. To-ZyWALL firewall rules control access to the ZyWALL itself
including management access. By default the firewall allows various types of management from the
LAN, HTTPS from the WAN and no management from the DMZ. The firewall also limits the number
of user sessions.
This example shows the ZyWALL’s default firewall behavior for WAN to LAN traffic and how stateful
inspection works. A LAN user can initiate a Telnet session from within the LAN zone and the firewall
allows the response. However, the firewall blocks Telnet traffic initiated from the WAN zone and
destined for the LAN zone. The firewall allows VPN traffic between any of the networks.
Figure 26 Default Firewall Action
To Next Page
Loading...
